Search CVE reports

661 – 670 of 971 results

Detailed view

Sort by:

CVE-2021-23981

Medium priority

Some fixes available 21 of 33

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability...

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Fixed	Fixed	Fixed	Fixed

CVE-2021-23979

Medium priority

Some fixes available 11 of 23

Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, mozjs78

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2021-23978

Medium priority

Some fixes available 14 of 26

Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs60...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
firefox-esr	Not in release	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed

CVE-2021-23977

Medium priority

Ignored

Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, mozjs78

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2021-23959

Medium priority

Not affected

An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This...

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	Not in release	Not affected
mozjs38	—	—	Not in release	Not affected
mozjs52	—	—	Not affected	Not affected
mozjs60	—	—	Not in release	Not in release
mozjs68	—	—	Not affected	Not in release
mozjs78	—	—	Not in release	Not in release
thunderbird	—	—	Not in release	Not affected

CVE-2021-23957

Medium priority

Not affected

Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects...

7 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	Not in release	Not affected
mozjs38	—	—	Not in release	Not affected
mozjs52	—	—	Not affected	Not affected
mozjs60	—	—	Not in release	Not in release
mozjs68	—	—	Not affected	Not in release
mozjs78	—	—	Not in release	Not in release
thunderbird	—	—	Not in release	Not affected

CVE-2021-23976

Medium priority

Ignored

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, mozjs78

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	Not affected
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2021-23975

Low priority

Some fixes available 11 of 23

The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, mozjs78

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2021-23974

Medium priority

Some fixes available 11 of 23

The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, mozjs68, mozjs78

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release

CVE-2021-23973

Low priority

Some fixes available 14 of 26

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86,...

8 affected packages

firefox, firefox-esr, mozjs38, mozjs52, mozjs60...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed
firefox-esr	Not in release	Not in release	Not in release	Not in release
mozjs38	Not in release	Not in release	Not in release	Ignored
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs60	Not in release	Not in release	Not in release	Not in release
mozjs68	Not in release	Not in release	Ignored	Not in release
mozjs78	Not in release	Ignored	Not in release	Not in release
thunderbird	Not affected	Not affected	Fixed	Fixed

Export to JSON

Results by page: